SysAdmin: How to Hack UNIX [Part Two of series]
Mar 17, 2001, 23:00
(Other stories by Kurt Seifried)
"Most networks have at least a few UNIX-based machines. These UNIX servers typically provide infrastructure -- network and backend services (company database, etc.), which are a critical component of most networks. Desktops, for example, are useless without file and print servers. Many of these servers are publicly accessible (e.g., DNS, email, and Internet servers) making them easy to attack. Even if the server is internal and cannot be attacked via the Internet, there is still the internal network to worry about. Regardless of how well you use firewalls and other filtering mechanisms to control server access, these tools are not enough on their own. An attacker can walk into an office building, find an unused Ethernet jack, plug in a laptop connected to a cell phone and then leave, thereby gaining the ability to attack the network from the inside. Furthermore, a night janitor, for example, could use scanners and probing software (such as Nmap, Nessus, Saint, or Cheops) and quickly build a detailed model of your network with minimal effort. (See Figure 1.)"
"Locking down access control lists tightly enough so that only legitimate connections occur is inadequate, and is also a lot of work. An attacker could use the IP address of a "trusted" machine and scan various hosts; simply cycling through network IPs at random is sufficient in most cases. There is even specialized scanner software for specific services, for example "scanssh", a scanner that looks for machines running SSH and tells you what versions they are running. (Some older versions have significant security flaws.)"